FEDORA-EPEL-2018-c887b5aaa9

security update in Fedora EPEL 7 for pagure

Status: unpushed

Rebase to Pagure 5.0.1 to move to a maintained Pagure version and fix CVE-2017-1002151, as well as many other issues.

Upstream changes with the rebase to 5.0.1:

  • The UI has been completely redesigned
  • Theming has been redesigned, and new themes are included as subpackages
  • Many new API endpoints have been added
  • Reworked how git hooks work to rely on a single file for efficiency
  • Expanded functionality included in the pagure-admin command

Consult the official Pagure documentation on upgrading to Pagure 5 from earlier versions.

Comments 13

This update has been submitted for testing by ngompa.

This update has obsoleted pagure-2.10.1-1.el7, and has inherited its bugs and notes.

ngompa edited this update.

ngompa edited this update.

ngompa edited this update.

This update has been pushed to testing.

Requires python-celery, which is not available.

karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

I found same dependency issue.

karma: -1

python-celery is in Extras/Optional, so we can't ship it in EPEL.

Hmm, I stand corrected. I don't know where celery comes from.

[citation needed]

It does not seem to be mentioned in the JSON files in https://infrastructure.fedoraproject.org/repo/json/

Perhaps that's only in the upcoming RHEL 7.6? If not, what's the exact RHEL channel name?

This update has been unpushed.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1474269 CVE-2017-1002151 pagure: Private repositories accessible through ssh
#1474270 CVE-2017-1002151 pagure: Private repositories accessible through ssh [epel-7]
#1634318 pagure-5.0.1 is available
Content Type
RPM
Status
unpushed
Test Gating
Submitted by
Update Type
security
Update Severity
high
Karma
-2
stable threshold: 3
unstable threshold: -3
Autopush
Disabled
Dates
submitted 8 months ago
in testing 8 months ago
modified 8 months ago

Related Bugs 3

00 #1474269 CVE-2017-1002151 pagure: Private repositories accessible through ssh
00 #1474270 CVE-2017-1002151 pagure: Private repositories accessible through ssh [epel-7]
00 #1634318 pagure-5.0.1 is available

Automated Test Results